Market Research
ESET Outs APT Activity Report Highlighting Activities of Russia, North Korea, Iran, and China-Aligned Threat Actors

Accompanying the successful ESET Threat Report, ESET Research has launched the ESET APT Activity Report, aiming to provide a periodic overview of ESET’s findings on the activities of advanced persistent threat (APT) groups. In the first installment, covering T2 2022 (May-August 2022), ESET Research saw no decline in the APT activity of Russia, China, Iran, and North Korea-aligned threat actors. More than eight months after the Russian invasion, Ukraine continues to be a prime target of Russia-aligned APT groups such as the infamous Sandworm, but also Gamaredon, InvisiMole, Callisto, and Turla. The aerospace and defense industries, along with financial and cryptocurrency firms and exchanges, continue to be of high interest to North Korea-aligned groups.
“We have noticed that in T2 2022, several Russia-aligned groups used the Russian multiplatform messaging service Telegram to access C&C servers or as an instrument to leak information. Threat actors from other regions were also trying to gain access to Ukrainian organizations, both for cyber espionage and intellectual property theft,” elaborates Jean-Ian Boutin, Director of ESET Threat Research.
“The aerospace and defense industry remains of interest to North Korea-aligned groups – Lazarus targeted an employee of an aerospace company in the Netherlands. According to our research, the group abused a vulnerability in a legitimate Dell driver to infiltrate the company, and we believe this to be the first-ever recorded abuse of this vulnerability in the wild,” continues Boutin.
Financial institutions and entities working with cryptocurrency were targeted by North Korea-aligned Kimsuky and two Lazarus campaigns. One of these, dubbed Operation In(ter)ception by ESET researchers, branched out of its usual targeting of aerospace and defense industries when it targeted a person from Argentina with malware disguised as a job offer at Coinbase. ESET also spotted Konni using a technique employed by Lazarus in the past – a trojanised version of the Sumatra PDF viewer.
China-aligned groups remained highly active, using various vulnerabilities and previously unreported backdoors. ESET identified a Linux variant of a backdoor used by SparklingGoblin against a Hong Kong university. The same group leveraged a Confluence vulnerability to target a food manufacturing company in Germany and an engineering company based in the US. ESET Research also suspects that a ManageEngine ADSelfService Plus vulnerability was behind the compromise of a US defense contractor whose systems were breached only two days after the public disclosure of the vulnerability. In Japan, ESET Research identified several MirrorFace campaigns, one directly connected to the House of Councilors election.
The growing number of Iran-aligned groups continued to focus their efforts mainly on various Israeli verticals. ESET researchers were able to attribute a campaign targeting a dozen organizations in Israel to POLONIUM and identify several previously undocumented backdoors. Organizations in or linked to the diamond industry in South Africa, Hong Kong, and Israel were targeted by Agrius in what ESET Research considers a supply-chain attack abusing an Israeli-based software suite used in this vertical. In another campaign in Israel, indicators of possible tool-use overlap between MuddyWater and APT35 groups were found. ESET Research also discovered a new version of Android malware in a campaign conducted by the APT-C-50 group; it was distributed by a copycat of an Iranian website and had limited spying functionality.
For more technical information check the full “ESET APT Activity Report” on WeLiveSecurity.
Artificial Intelligence
DeepSeek-R1 AI Poses 11x Higher Harmful Content Risk

The launch of DeepSeek’s R1 AI model has sent shockwaves through global markets, reportedly wiping $1 trillion from stock markets. Trump advisor and tech venture capitalist Marc Andreessen described the release as “AI’s Sputnik moment,” underscoring the global national security concerns surrounding the Chinese AI model.
However, new red teaming research by Enkrypt AI, the world’s leading AI security and compliance platform, has uncovered serious ethical and security flaws in DeepSeek’s technology. The analysis found the model to be highly biased and susceptible to generating insecure code, as well as producing harmful and toxic content, including hate speech, threats, self-harm, and explicit or criminal material. Additionally, the model was found to be vulnerable to manipulation, allowing it to assist in the creation of chemical, biological, and cybersecurity weapons, posing significant global security concerns.
Compared with other models, the research found that DeepSeek’s R1 is:
- 3x more biased than Claude-3 Opus
- 4x more vulnerable to generating insecure code than OpenAI’s O1
- 4x more toxic than GPT-4o
- 11x more likely to generate harmful output compared to OpenAI’s O1
- 3.5x more likely to produce Chemical, Biological, Radiological, and Nuclear (CBRN) content than OpenAI’s O1 and Claude-3 Opus
Sahil Agarwal, CEO of Enkrypt AI, said, “DeepSeek-R1 offers significant cost advantages in AI deployment, but these come with serious risks. Our research findings reveal major security and safety gaps that cannot be ignored. While DeepSeek-R1 may be viable for narrowly scoped applications, robust safeguards—including guardrails and continuous monitoring—are essential to prevent harmful misuse. AI safety must evolve alongside innovation, not as an afterthought.”
The model exhibited the following risks during testing:
- BIAS & DISCRIMINATION – 83% of bias tests successfully produced discriminatory output, with severe biases in race, gender, health, and religion. These failures could violate global regulations such as the EU AI Act and U.S. Fair Housing Act, posing risks for businesses integrating AI into finance, hiring, and healthcare.
- HARMFUL CONTENT & EXTREMISM – 45% of harmful content tests successfully bypassed safety protocols, generating criminal planning guides, illegal weapons information, and extremist propaganda. In one instance, DeepSeek-R1 drafted a persuasive recruitment blog for terrorist organizations, exposing its high potential for misuse.
- TOXIC LANGUAGE – The model ranked in the bottom 20th percentile for AI safety, with 6.68% of responses containing profanity, hate speech, or extremist narratives. In contrast, Claude-3 Opus effectively blocked all toxic prompts, highlighting DeepSeek-R1’s weak moderation systems.
- CYBERSECURITY RISKS – 78% of cybersecurity tests successfully tricked DeepSeek-R1 into generating insecure or malicious code, including malware, trojans, and exploits. The model was 4.5x more likely than OpenAI’s O1 to generate functional hacking tools, posing a major risk for cybercriminal exploitation.
- BIOLOGICAL & CHEMICAL THREATS – DeepSeek-R1 was found to explain in detail the biochemical interactions of sulfur mustard (mustard gas) with DNA, a clear biosecurity threat. The report warns that such CBRN-related AI outputs could aid in the development of chemical or biological weapons.
Sahil Agarwal concluded, “As the AI arms race between the U.S. and China intensifies, both nations are pushing the boundaries of next-generation AI for military, economic, and technological supremacy. However, our findings reveal that DeepSeek-R1’s security vulnerabilities could be turned into a dangerous tool—one that cybercriminals, disinformation networks, and even those with biochemical warfare ambitions could exploit. These risks demand immediate attention.”
Cyber Security
World Economic Forum and Check Point Research Highlight Six Emerging Cybersecurity Challenges for 2025

Written by Vasily Dyagilev, Regional Director, Middle East, RCIS at Check Point Software Technologies
Cyber Security
One-Third of UAE Children Play Age-Inappropriate Computer Games

According to a recent survey conducted by Kaspersky in collaboration with the UAE Cyber Security Council, more than a third of parents surveyed (33%) across the UAE believe that their children play games that are inappropriate for their age. Based on the survey, boys are more prone to such behaviour than girls – 50% and 43% of children respectively have violated age guidelines when playing games on their computers.
It’s possible that parents tend to exaggerate the problem of violating age restrictions in computer games, or that children are not always aware of these restrictions: according to the children themselves, only 30% confessed that they had ever played games that were not suitable for their age. Girls adhere to video game age restrictions more often, with 78% having never played inappropriate games, compared with 64% of boys.
Playing computer games is a common way for youngsters to spend their free time (91%). Half of them use smartphones for gaming (52%), and the second place is taken by computers (40%). Based on parents’ estimates, 41% of children play video games every day. “Parents often worry that their children spend too much time playing computer games. Of course, it is important to ensure that the child follows a routine, gets enough sleep, takes a break from the screen, and is physically active, however, parents should not blame computer games for everything”, comments Seifallah Jedidi, Head of Consumer Channel for the META at Kaspersky. “Parents should take a proactive position in this area, be interested in the latest products offered by the video game industry, and, of course, understand their children’s gaming preferences and pay attention to the age limits marking. It’s worth mentioning that today, there is a wide variety of games on offer, many of which include educational materials, and so we recommend not to prohibit this type of leisure, but rather to seek a compromise.”
To keep children safe online, Kaspersky recommends that parents:
- Pursue interest in what games your children play. Ideally, you should try those games yourself. This will help build more trust in your family relationships and help you to understand what your child is interested in.
- If you notice that your child plays a lot, try to analyze the reasons for this and also answer the question of whether they have an alternative that they like, ask what they would like to do besides gaming and try to engage them with another interesting hobby.
- Be informed about current cyber threats and talk to your children about the risks they may face online; teach them how to resist online threats and recognize the tricks of scammers.
- Use a parental control program on your child’s device. It will allow you to control the applications downloaded on the device or set a schedule for when these applications can be used.
The survey entitled “Growing Up Online” was conducted by Toluna Research Agency at the request of Kaspersky in 2023-2024. The study sample included 2000 online interviews (1000 parent-child pairs, with children aged 3 to 17 years) in the UAE.